ReadWrite - privacy abusehttp://readwrite.com/tag/privacy-abuse
enCopyright 2015 Wearable World Inc.http://blogs.law.harvard.edu/tech/rssTue, 31 Mar 2015 10:52:16 -0700The Battle Of The Block: How LinkedIn Finally Stopped The Stalkers<!-- tml-version="2" --><p>When a San Francisco-based tech recruiter—we'll call her "Sally," a pseudonym—filed a restraining order against an ex-boyfriend, the court documents listed Facebook, Pinterest, and even Etsy as no-go zones for him. But it was LinkedIn that Sally was worried about. </p><p>“He started following what I was doing on LinkedIn,” Sally told me. “Who I was connecting with. He was trying to track what I was doing professionally.&nbsp;Every day I was seeing his face on my profile."</p><p>LinkedIn's basic features for connecting people became ways for Sally's stalker to remind her of his presence.&nbsp;</p><p>"He started referring people to me, and connecting to people I was connecting with," she said.</p><p>Sally had no way of stopping him, short of a court order. Neither did any of LinkedIn's 300 million members, until LinkedIn finally rolled out a block feature in <a href="http://community.linkedin.com/questions/156990/linkedin-announces-member-blocking.html">February of this year</a>.</p><p>Why did it take so long?</p><h2>Blocked On Blocking</h2><p>The notion of blocking users is far from new. Instant-messaging systems like AIM and Yahoo Messenger have long had blocking systems to prevent users from contacting each other or even seeing whether another user was online.</p><p>Facebook had blocking since its earliest days; while the company's press office couldn't pin down an official date, Ezra Callahan, an early employee, believes it was present in 2004 or 2005, when the site was a simpler college-only network.</p><p>Twitter&nbsp;implemented blocking <a href="https://blog.twitter.com/2007/news-and-updates">back in 2007</a> when the service was just a year old.</p><p>LinkedIn is actually older than Twitter and Facebook. When it was founded in 2003, it "started off with a big value of public profile information,” said Madhu Gupta, LinkedIn's head of security, privacy and customer-service products. That was the big innovation of LinkedIn: It took something formerly viewed as private and personal, the professional resume, and turned it into something public.&nbsp;</p><p>It seems that LinkedIn's founders, intending the service for professional networking, never anticipated that its members might use it for darker purposes. But as it added feature after feature, stalking became a reality.</p><p>In Sally’s case, her ex harassed her for two years on LinkedIn—sometimes in violation of the court order—before the new function allowed her to stop him for good.</p><h2>Growing Pains</h2><p>People had been <a href="http://community.linkedin.com/questions/22529/blocking-enabled.html">asking LinkedIn</a> to implement blocking for a long time. But LinkedIn had other problems to solve.</p><p>One was keeping up with the service's explosive growth. In the last year alone,&nbsp;<a href="http://press.linkedin.com/News-Releases/333/LinkedIn-reaches-300-million-members-worldwide">it's added</a><a href="http://blog.linkedin.com/2013/01/09/linkedin-200-million/"></a> 100 million users.&nbsp;</p><p>Another was updating LinkedIn's technical architecture, which was hobbling efforts to evolve the site.</p><p>After the company went public in 2011, the engineering team "struggled to hold the site together with the digital equivalent of chewing gum and duct tape," Bloomberg <a href="http://www.businessweek.com/articles/2013-04-10/inside-operation-inversion-the-code-freeze-that-saved-linkedin">wrote</a>. To get back on track, LinkedIn's engineering boss&nbsp;launched Project InVersion<a href="http://www.businessweek.com/articles/2013-04-10/inside-operation-inversion-the-code-freeze-that-saved-linkedin"></a>, an effort to rebuild the site from top to bottom. For months, the company froze development of new features. After InVersion was done, LinkedIn's engineers could move much more quickly—but they had a massive backlog of projects to work on.</p><p>LinkedIn's fast-growing member base meant more and more people on the site—and more problems, as the site became a must-visit for professionals who couldn't avoid stalkers if they wanted to keep up with colleagues and stay relevant in their careers.</p><p>According to LinkedIn, the company was aware that users occasionally requested a block function. One of those users was Anna R., a LinkedIn member from Columbus, Ohio, who launched a&nbsp;<a href="http://community.linkedin.com/questions/19213/please-sign-linkedin-blocking-petition-stalkers.html">Change.org petition</a> in April 2013. That summer, LinkedIn executives learned about the petition, in which Anna R. related how a man who she said had sexually assaulted her in her workplace used LinkedIn to view her profile, an action which LinkedIn's interface notified her of. The petition became a catalyst for change.&nbsp;</p><p>The frustration over this gaping hole in the company's privacy settings was reasonable: Anna R. pointed out that every major social site allowed for blocking—even Pinterest.</p><p>But the expectations held by some users were not.&nbsp;</p><p>"To allow members to block stalkers would take ONE of your developers about ONE man-hour to implement. So why haven't you done it?" <a href="http://community.linkedin.com/questions/133951/block-stalkers-1.html">one disgruntled member wrote</a>.</p><p>In fact, it took six months, and hundreds of engineers across LinkedIn—a massive, companywide effort. Work began in earnest in August 2013.</p><h2>Tackling Blocking</h2><p>Blocking is far easier said than done. For one thing, what does it mean to "block" a user? Not everyone has the same answer.</p><p>Twitter faced its own <a href="http://readwrite.com/2013/12/12/twitter-reverts-block-policy-after-user-outrage">blocking controversy</a> last year when it announced it would change its blocking feature to “mute” a person. In the new version of blocking, the person could still follow the blocker. The idea was that it would reduce antagonism and the prospect of retaliation if people didn’t realize they’d been blocked.</p><p>It took outraged users less than a day to convince Twitter to reinstate the block function it just got rid of. (It has since introduced a mute function alongside the older block function.) Even so, Twitter's blocking is imperfect: Because Twitter is a mostly public social network, anyone can see public tweets. The only way to prevent people from seeing your posts is to keep your account private.</p><p>One of the biggest challenges for LinkedIn was figuring out what, exactly, happens when someone is blocked.</p><p>“There are a lot of nuances as you start thinking about," said Gupta, the LinkedIn security and privacy head who oversaw the project. "What happens when you block the member? What should that experience be when you come to my profile page?”&nbsp;</p><p>LinkedIn ultimately decided that when you block someone, they should be unable to see your profile or any content you publish. That includes any comments in groups you both might be a part of, or blog posts you publish to the site. It removes them entirely from your LinkedIn experience.</p><p>That product decision set the stage for the technical challenge.</p><p>“Every one of our applications like search, messaging, recommendations, all needed to implement their own version of how to filter out and how to filter out blocked members and not showing their content,” Gupta said.</p><p>Virtually every team at LinkedIn—26 product and service groups—had to be involved to make sure it worked correctly.</p><div tml-image="ci01af657b1768860d" tml-image-caption=""><figure><img src="http://a3.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTIxNDI3Mjk0MzEwMjcwNDc3.jpg" /><figcaption></figcaption></figure></div><h2>Putting LinkedIn To The Test</h2><p>When one member blocks another, the two form a "blocking pair." On nearly every page of the site, LinkedIn is looking at content from and relationships with dozens, maybe hundreds of other members. Looking through LinkedIn's database of 300 million members for every interaction would bring the site crashing to a halt.</p><p>And to live up to Gupta's vision of how blocking should work, every thing a member sees and does on LinkedIn has to respect any blocks other members had put in place.</p><p>"When we do a feature like member blocking, we have to touch more than 60 different front- and backend services—all the member-facing products you see,"&nbsp;Vicente Silveira, Director of Engineering Security Infrastructure at LinkedIn, said in an interview.&nbsp;"Profile, search, inbox—all those things are different features powered by a set of services that have to be changed to honor member blocking."</p><p>The good news was that LinkedIn's growing complexity of functions, like its new tools for publishing, also required quick ways to look up relationships and evaluate how closely two members are connected. The system for looking up "blocking pairs" could rely on some of that architectural work.</p><p>Rather than pinging a centralized database of blocked members every time, LinkedIn stored the information close to each service.</p><p>"We found a space-efficient manner to pretty much keep all the blocking info and all the services that needed it so they could do a local lookup," Silveira said. "We provide the services these lists, so they can have a local copy they can check." That approach provides "low latency," Silveira said—meaning users don't have to wait a long time for pages to load.</p><p>There was one more technical challenge: LinkedIn normally rolls out new features gradually to a small set of users to test response and catch bugs. With blocking, the team decided it couldn't do that: Everyone should have blocking at the same time, and it needed to work across the service immediately.</p><p>The engineering team had to develop 50 new tests just to make sure member blocking worked across various versions of LinkedIn, including desktop and mobile websites and LinkedIn's various apps. The engineering team also ran 18,000 existing tests to make sure the introduction of blocking didn't break other functions.</p><p>The work LinkedIn did on blocking dovetailed into other development. &nbsp;One example is LinkedIn's new publishing tools. The day before LinkedIn introduced blocking, the <a href="http://readwrite.com/2014/02/19/linkedin-publishing-platform-expansion">company opened up its publishing platform</a><a href="http://blog.linkedin.com/2014/02/19/the-definitive-professional-publishing-platform/"></a> to a small set of LinkedIn users. (Previously, it had only be available to a few hundred famous business leaders like Richard Branson and Jack Welch.) These posts <a href="http://help.linkedin.com/app/answers/detail/a_id/47542/~/distribution-of-long-form-posts---linkedin%E2%80%99s-publishing-platform">hit a customized audience</a>, so LinkedIn needs to make sure it shows up for the right people in someone's network—and doesn't show up to someone who's blocked.</p><p>LinkedIn may have been late to the game, but it arguably built a block feature that's more sophisticated and sensitive than Twitter's.</p><p>(For people still concerned about privacy even after they've blocked a user, it's possible to <a href="http://help.linkedin.com/app/answers/detail/a_id/77/kw/anonymous/related/1">tailor your public profile</a> to prevent anyone outside of your network—including people who search for you online and don't have a LinkedIn account—to see your name or profile.)</p><p>When Getting A Job Leaves You Exposed</p><p>When you sign up for a social network, you’re making yourself visible to the world in a way that was rarely possible before the rise of social media. And while there are many benefits—in LinkedIn’s case, it can help you get a job—the downside is that visibility can mean vulnerability.</p><p>Harassment and bullying are problems many social networks have, and ones that law enforcement is ill-equipped to deal with. It’s especially bad for women.</p><p>As feminist writer&nbsp;<a href="http://www.psmag.com/navigation/health-and-behavior/women-arent-welcome-internet-72170/">Amanda Hess writes</a>:</p><blockquote><p>“Ignore the barrage of violent threats and harassing messages that confront you online every day.” That’s what women are told. But these relentless messages are an assault on women’s careers, their psychological bandwidth, and their freedom to live online.</p></blockquote><p>Our online lives have become just as important as our offline ones—and social media companies need to take steps to prevent online harassment that can affect us in the real world.</p><p>LinkedIn faced a lot of criticism, deservedly, for being late to introduce blocking. But from what ReadWrite has learned, after the company decided to make the feature a priority, it moved swiftly to solve a complex technical problem in a way that made blocking a meaningful safety measure—not just a quickly implemented, face-saving gesture to appease critics.</p><p>For Sally, the block function provides some sense of security, though she doesn’t think her ex-boyfriend has stopped stalking her online.</p><p>“I think [blocking] has anonymized it," she said. "Do I think he’s still doing it? Absolutely. The good news is, I don’t have to see his face.”</p><p><em>Illustration by <a href="https://www.flickr.com/photos/billstrain/4297646721">Bill Strain</a></em></p>Inside the building of LinkedIn's block feature.http://readwrite.com/2014/07/28/linkedin-blocking-engineering-effort
http://readwrite.com/2014/07/28/linkedin-blocking-engineering-effortSocialMon, 28 Jul 2014 06:01:59 -0700Selena LarsonEFF: Twitter Scores, Verizon Fails At Protecting User Privacy<!-- tml-version="2" --><div tml-image="ci01b2825b50016d19" tml-render-position="center" tml-render-size="large"><figure><img src="http://a4.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTIyMzAzNDY2NzA5MjIxOTkw.jpg" /></figure></div><p>The Electronic Frontier Foundation has posted its annual report on which Internet vendors do the most to help protect their users's private information. And this year's two best protectors by the EFF's definition? <a href="https://twitter.com">Twitter</a> and Internet Service Provider <a href="http://sonic.net">Sonic.net</a>.</p><p>Each of these two vendors scored well within the EFF's six criteria used to judge online services in the organization's <a href="https://www.eff.org/sites/default/files/filenode/who-has-your-back-2013-report.pdf">Who Has Your Back? 2013</a> report posted today.</p><p>For the EFF, the most privacy-oriented companies should comply with these policies:</p><ul><li>Requiring a Warrant for Content</li><li>Telling Users About Government Data Requests</li><li>Publishing Transparency Reports</li><li>Publishing Law Enforcement Guidelines</li><li>Fighting for Users’ Privacy in Court</li><li>Fighting for Users’ Privacy in Congress</li></ul><p>Each rated company gets a star when it does well with one of these criteria. Twitter and Sonic.net nailed it with six stars. <a href="http://www.linkedin.com">LinkedIn</a>, <a href="https://www.dropbox.com">Dropbox</a> and storage service <a href="https://spideroak.com">SpiderOak</a> received five stars, having each missed the fighting for users’ privacy in court category.</p><p>The worst performers in the EFF's round-up of privacy advocacy? Social media platform <a href="http://www.myspace.com">MySpace</a> and cellular carrier <a href="http://www.verizon.com">Verizon</a>, which were awarded no stars at all. <a href="http://www.apple.com">Apple</a>, <a href="http://www.att.com/">AT&amp;T</a> and <a href="http://www.yahoo.com">Yahoo</a>, only received one start apiece, with the latter getting the award for pushing back in the courts and the other two companies achieving the fighting for users' privacy in Congress star.</p><p>Overall, the EFF thinks that things are getting better among these vendors that deal with so much user data.</p><p>"We’re happy to report that several of the companies included in last year’s report have significantly improved their practices and policies concerning government access to user data," <a href="https://www.eff.org/who-has-your-back-2013">the organization reported</a>, "Comcast, Google, SpiderOak, and Twitter earned two new stars this year while Microsoft earned three new stars. Foursquare went from zero stars in 2012 to four in 2013."</p><p>The report might seem a bit disjointed in its approach, lumping a lot of companies in together with the only common thread being the handling of user data. Users' expectations on a social network like <a href="https://www.facebook.com">Facebook</a> is much different than privacy concerns on Verizon or <a href="https://www.amazon.com">Amazon</a>.</p><p>But this is a report about government overreach, not expectations of privacy. The government may be able to see your data on your Facebook page, but to use it in a trial or investigation, they should still use a warrant, the EFF is arguing. Users may be surprised to see so many large data handlers that don't even have that basic requirement.</p><p>Things are getting better, but there is still a long way to go.</p>The Electronic Frontier Foundation's annual report on which Internet vendors do the most to help protect their users's private information reveals progress as well as vendors who still need improvement.http://readwrite.com/2013/05/02/eff-vendors-better-at-protecting-user-data-from-government-overreach
http://readwrite.com/2013/05/02/eff-vendors-better-at-protecting-user-data-from-government-overreachWebThu, 02 May 2013 08:15:00 -0700Brian ProffittOnline Privacy: The Opt-Out Revolution Is Almost Here<!-- tml-version="2" --><div tml-image="ci01b281dcc0016d19" tml-render-position="center" tml-render-size="large"><figure><img src="http://a4.files.readwrite.com/image/upload/c_fill,cs_srgb,dpr_1.0,q_80,w_620/MTIyMzAyOTIzOTMyODYxMDMw.jpg" /></figure></div><p>What if two-thirds of the people on the Web were invisible, secretly visiting websites and searching for products and services while leaving Internet giants like Google and Facebook in the dark about what they were doing?</p><p>With no information on those people's activities, there could be no targeted advertising for them and much of the multi-billion-dollar ad Web market would collapse, forcing big changes in the business models of today's biggest and most powerful Internet companies.</p><p>While such a scenario won't come to pass overnight, a new study by <a href="http://ovum.com/section/home/">market researcher Ovum</a> indicates that millions of people could start "vanishing" from the Web within a few years, causing major disruptions to the Internet economy. The reason so many people may go data dark? Privacy concerns.</p><h2>The Future Is Here</h2><p>Signs exist today that the procession of media stories showing Internet companies compromising user privacy in favor of advertisers are having an impact on more and more people's psyche. Recent examples of the kinds of stories that over time erode trust include Facebook <a href="http://usatoday30.usatoday.com/tech/news/story/2011-11-15/facebook-privacy-tracking-data/51225112/1?csp=34money">acknowledging to <em>USA Today</em></a> that it keeps a running log of the Web pages each of its 1 billion monthly active users visited over the previous 90 days.</p><p>Other examples include <a href="http://www.lexology.com/library/detail.aspx?g=36b5adad-adef-4a2c-a8e2-df30e2a6fbc6">a half-dozen federal class-action suits</a> filed against Google and Viacom, accusing the companies of collecting data on children visiting sites such as Nick.com and NickJr.com and then sharing the information. And Canadian and Dutch authorities <a href="http://www.reuters.com/article/2013/01/28/us-whatsapp-privacy-idUSBRE90R0T520130128">reporting that WhatsApp,</a> an instant-messaging smartphone application ranked as one of the world's top five best-selling apps, violates international privacy laws by forcing users to provide access to their address books.&nbsp;</p><p>The regularity of such bad behavior over the last several years has taken its toll on the reputation of the tech industry. In a survey of Internet users in 11 countries, including the United States, <a href="http://ovum.com/press_releases/ovum-predicts-turbulence-for-the-internet-economy-as-more-than-two-thirds-of-consumers-say-no-to-internet-tracking/">Ovum found</a> that only 14% believed Internet businesses were honest about their use of people's personal data. Worse for the future of online advertising, 68% would choose to block all tracking, if that option was easily available.</p><p>While Web browsers and some Internet companies, including Facebook and Google, provide tools for limiting the sharing of data, they are not easy enough for most people to use- and they are not marketed in a way to maximize use, Ovum analyst Mark Little says. As a result, many people are open to alternatives, and entrepreneurs are moving in.</p><p>Examples include <a href="https://www.personal.com/">Personal Inc.</a>,&nbsp;<a href="http://respectnetwork.com/">Respect Network</a>, <a href="http://i-allow.com/">Allow</a> and <a href="https://www.abine.com/">Abine</a>. This segment of the tech industry is growing with a message that goes beyond just blocking companies from online tracking. They also market personal data vaults and reputation management that searches and deletes data on the Web.</p><p>These tools are not widely used today, but in time, as privacy concerns continue to grow and these products get easier to use, consumers will likely start taking control of their personal data. "It's not just about blocking because you are concerned about your data and how much people know about you," Little said. "People are also blocking because they are feeling like companies are getting rich on them. They're feeling exploited."</p><h2>People's Changing Attitudes</h2><p>An indication of changing attitudes toward guarding personal information can be seen in the ballooning popularity of <a href="http://www.snapchat.com/">Snapchat</a>, which lets users send pictures and videos that self-destruct in 10 seconds. As of last weekend, the app was the third most popular photo and video app in the U.S., according to analytics company <a href="http://www.appannie.com/">App Annie</a>. Snapchat claims that 50 million "snaps" are sent every day.</p><p>Snapchat is popular mostly with teenagers and young adults, who often use the service to send naughty pictures. However, there is also a growing unease among young people about having a permanent social record on Facebook or Google+, <a href="http://www.businessweek.com/articles/2013-02-07/snapchat-and-the-erasable-future-of-social-media#p1"><em>Bloomberg Businessweek</em> reported</a> this week. It makes sense that this age would be most sensitive to having personal information on the Web, since they are under constant surveillance by people who can have major impact on their lives, such as teachers, college admissions officers and parents.</p><p>The desire for impermanence and control of data is also growing among older Web users. A 2010 survey by researchers at the University of California at Berkeley found that roughly nine in 10 people aged 18-to-24 years and 45-to-54 supported a proposed law that would require websites and advertising companies to delete all stored data about a person on request.</p><h2>Zuckerberg Was Wrong</h2><p>In 2010, Mark Zuckerberg, co-founder and chief executive of Facebook, said he believed people's attitudes toward sharing personal data had become much more open. "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people," he said in an <a href="http://readwrite.com/2010/01/09/facebooks_zuckerberg_says_the_age_of_privacy_is_ov">onstage interview </a>with TechCrunch founder Michael Arrington. "That social norm is just something that has evolved over time."</p><p>Zuckerberg was wrong.</p><p>As people become more aware of how Internet companies are using their personal data and how it affects their lives, they will start sharing less and demand more control. When that happens, a lot of Internet companies will have to dramatically change their relationship with users or make do with a lot less data to sell to advertisers.</p><p><em>Image courtesy of <a href="http://www.shutterstock.com">ShutterStock</a>.</em></p>Internet companies making a fortune by selling user data to advertisers could soon see those business models erode as fed-up consumers share far less of their personal information.http://readwrite.com/2013/02/12/online-privacy-the-opt-out-revolution-is-almost-here
http://readwrite.com/2013/02/12/online-privacy-the-opt-out-revolution-is-almost-hereWebTue, 12 Feb 2013 05:00:00 -0800Antone Gonsalves